How to delete file(s) in secure manner?
Is there a way to make sure that a deleted file can not be recovered? As you know, deleting a file by pressing shift-del or using trash doesn’t mean that file is gone forever. It resides somewhere in the computer. In day to day life, law enforcement or thieves use recovery programs to reveal our private data or something else. They can recover all data that resides on hard disk, in RAM, and even USB. To protect us from these people, what should one do? Which program should one use? Note: I don’t want an answer like first use a recovery program then erase that file with shred. With just one program, I want to erase all unused/deleted files on my computer.
Unfortunately bounty was awarded automatically even though no answer seems to apply to the age of SSD very tightly. With SSD bytes aren’t really overwritten (unless you go for entire drive procedures) unless a drive manufacturer specific API call is made, if at all it can. See the article quoted in one of the answers.
It would have been nice to have a way to securely delete by right clicking a file or folder. Just to be safer than typing the wrong folder path in the commandline.
11 Answers 11
Shred
This command line tool is already installed from the core utilities in Ubuntu to securely erase and overwrite single files using the Gutman method.
Fast shredding
erases whole partitions by overwriting everything with 0 s in a single iteration. If no legal aspects require another procedure, doing so is most probably safe to securely delete your private data.
from Craig Wright Lecture Notes in Computer Science, 2008, 5352, 243-257 .
Secure shredding
erases the whole partition using 3 iterations with random numbers. In addition (option -z ) this writes zeros to hide the shredding process at the end. This will take 4 times longer than the fast method.
NOTE: By shredding a partition we will overwrite this partition with 0 or random numbers. It therefore efficiently deletes everything including file system caches on that partition forever. This can also be used to remove unwanted remnants of deleted files. Files we want to keep will have to be backed up before shredding.
Wipe
More options, and the possibility of erasing directories in addition to single files, are offered by this command line utility.
wipe filename wipe -r dirname Additional notes on journaling file systems and SSDs:
- Please read the notes in the linked manpages on security issues arising from still recoverable backups in journaling file systems when erasing single files. Overwriting whole partitions rather than single files will effectively erase all data even when using a journaling file system.
- Erasing data on a solid state disk (SSD) can if at all only be done by overwriting the whole drive (not only single partitions) with several iterations. Some SSDs may have an inbuilt feature to erase data but this may not always be efficient (see this link from comment). At present there is no general recommendation on the wiping processes or number of erase iterations needed to securely remove all data remnants on all SSDs available.
These options can be added in the context menu of Nautilus and Thunar.
Description whatever you like
Select «Appearance Conditions» and select «Other Files»
It is probably also worth noting that if you’re using a solid state drive, it also acts as a simple log structured file system and may not overwrite the data.
@shred, «about 20 minutes to erase a 1.44MB». About whole life to erase 640 gb 🙂 . For wipe, «. we cannot guarantee that wipe will actually erase data, or that wiped data is not recoverable by advanced means.» In other words, wipe has no real/full power on memory.
Note that, while you can use shred on individual files, as well, if you use a modern journaling filesystem, there’s no guarantee that shred will result in unrecoverable deletion. You’d have to blow away the entire partition. I think the US government standard is 7 passes with random data.
One comment regarding SSD: Overwriting the whole drive will not really help. In short: You cannot reliably remove data from flash memory. Always store confidential files encrypted. (cf. Wei et al., Reliably Erasing Data From Flash-Based Solid State Drives: usenix.org/events/fast11/tech/full_papers/Wei.pdf)
@freddyb: I am aware of the fact that at present it is not clear how to securely erase data from a SSD. Encryption is always better — this includes conventional drives as well! The question however was on how to securely erase data (implying they may not have been encrypted before).
There isn’t one command that you can run which will easily clean up all the already-deleted files for you. However, there are a number of things you can do to reduce your vulnerability to this sort of attack in future.
As others have said, using tools like shred or srm allows you to delete a specific file by actually overwriting it, rather than just removing it from the filesystem. If you’re feeling bold, you can replace the rm command with shred or srm to securely delete files going forward. That means that whenever you (or another program) tries to delete something using rm , the secure delete command will run instead.
However, if you’re using a solid state disk, or even some newer mechanical disks, shred and other overwriting-based methods may not be effective, since the disk may not actually write where you think it’s writing (source).
Full-Disk Encryption
A more convenient option is full-disk encryption. If you use the alternate installer, Ubuntu can automatically set up a fully-encrypted disk for you you, but you can also customize and configure the settings yourself. Once installed, the encryption is almost invisible to you: after you enter the passphrase (be sure to pick a good, long one) when the computer starts up, everything looks and feels just like normal Ubuntu.
You can also encrypt external media like USB drives using Ubuntu’s Disk Utility. Setting up an encrypted external disk is as simple as checking the «encrypt underlying filesystem» box when formatting the disk. You can even store the passphrase on your (encrypted) keyring, so that you don’t need to enter the phrase every time you plug that disk into your computer.
If your whole disk — and all your removable media — is encrypted, there’s much less to worry about. A thief or police officer would need to swipe your computer while it’s on, (or within a minute or two of turning it off if they’re very good) in order to access your data. If you hibernate (rather than suspend) your computer when it’s not in use, then you should be pretty safe.
If you ever need to completely destroy all your data, you don’t need to do a Gutmann wipe of your whole disk. Simply overwrite the very beginning of the disk, to destroy the headers for the encrypted volume. Unlike with a regular filesystem, this will actually make it impossible to recover the data.
So, how do you go from your current setup to a safely encrypted disk? It’s quite a challenge to retrofit a currently-installed operating system to use an encrypted disk. The easiest approach is to backup all your data and settings, then reinstall with an encrypted disk. When backing up, make sure to back up your data to an encrypted external drive, but don’t save the passphrase in your keyring.
After you’ve backed everything up, you may want to aggressively wipe your hard drive, to make sure that none of your existing data can be recovered in the future. If you’re using an SSD, the process is even more challenging, so depending how much you want to invest in the process, it might be worth destroying your current disk (a challenging proposition) and starting with a new one.
When reinstalling the OS, if you haven’t aggressively wiped the disk already, you should make sure to completely fill the new encrypted partition, which will overwrite all your old data. Once you’ve restored your backup, you may want to aggressively wipe the start of the backup disk, to destroy the encryption header, so that it can’t be recovered again.